Conferences, comedy, clouds and contracts.

Continuing my attempts to bring Shakespeare into as many posts as I can….

Let specialties be therefore drawn between us,
That covenants may be kept on either hand.

(Taming of the Shrew  II. i. 127-8)

A couple of weeks ago, I presented at the HR Technology Conference in Chicago, the topic being SaaS Contracts:  how not to get ripped off.  I made an animation to start the presentation, as talking about contracts can be a bit dry.


If the embedded version doesn’t behave,  watch it here.    My goal was to show the naivete of the typical buyer when dealing with a smooth salesperson. In the space of about 2 minutes, the buyer makes at least 9 major blunders. See if you can spot them. It is supposed to be funny, but I’ll let you be the judge of that.

A week or so after the event I did a podcast  on the Bill Kutik Radio Show, where I go into a bit more detail.  Have a listen here.  I’m not a lawyer, so this doesn’t constitute legal advice, but I’m saddened by the ignorance on the side of the buyer, and the willingness of the seller to exploit that. That is business, I guess.

Or as Camillo said in   The Winter’s tale:

You pay a great deal too dear for what’s given freely.

Also we have a lot of research on how to buy cloud/SaaS solutions.  Gartner clients should definitely check out Alexa Bona’s  research. Whether buying or selling, getting a fair contract is best in the long run.

(I’m very impressed with the Xtranormal tool for animation. I checked with their legal folks on usage, what a pleasure to deal with them).


Toto, Africa and copyright..

Super arrangement of Toto’s Africa by the Perpetuum Jazzile.  This rocks. Appeared in my inbox this morning. Thanks Geoff.

Africa is one of those tunes that is part of my mental soundtrack. I hear it and I’m transported back to a humid South African evening, the crickets chirping and the smell of African rain is in the air. Weird, as the band is from LA, and this sort of soft rock normally my thing. But I guess for most of my generation this is a iconic sing along song.  Perpetuum’s performance is really rather special.

But what rocks even more is the response from David Paich, the fellow who wrote the song.


My name is David Paich. When I wrote Africa I never dreamed of hearing such an innovative rendition. All I can say is awesome!!!!!!!!!!!!!!

I am truly honored that you not only would arrange a choir version of the song but the time and effort into creating REAL MAGIC! I have NEVER received so many emails from artists friends and colleagues on a singular performance of a song.

My hats off to all of you.

I know my co-writer Jeff Porcaro would have shared the same feelings. I know my band TOTO does.

Again, thanks you for such a wonderful gift.I would love to meet everyone sometime soon and maybe work together.


This, ladies and gentlemen, is how derivative works should work.  Goodness all around.

George Clooney,David Beckham and the software demo

I’m in the middle of doing a Magic Quadrant at the moment.  It is a lot more work than I imagined, even if Jim is doing the lion’s share of it.  By the end of the process we will have had in depth presentations from nearly 30 vendors, and interviewed many of their customers. But this post isn’t about the details of employee performance management software.

Copyright is a big deal in the software industry. It is the basis on which  most software is sold or  licensed.  licence v sale is another can of worms, and not for a friday evening post.

Software IP is  considered to be a fascinating subject by a very small segment of the population, but it is the foundation upon which our industry is built.  Folks such as Geeklawyer make fortunes out figuring software IP law out.  Software companies around the world pounce aggressively on abuse of  copyright and other IP forms. This is their right, and they are pretty good at exercising it.

Celebrities also make use of copyright and other laws  to protect their image, and to earn their crust(s). When David Beckham advertises a razor, or a pair of sunglasses, the company using that image has coughed up big money for the pleasure thereof. Mr Beckham’s advisors think long and hard whether a particular product fits with his image. 

Nestle paid handsomely for Mr Clooney to sip Nespresso.  And there is a mass of law, and troops of lawyers to defend Mr Beckham’s and Mr Clooney’s  rights to their images. Joe citizen has certain rights, but celebrity image rights is big business. California, home to many celebrities and software companies has strong laws to provide additional rights to celebrities.

Celebrities, athletes, and artists have certain rights in regard to the commercial use of their image, voice, or persona. Under sections 3344 and 3344.1 of the California Civil Code, reproducing or using the image, voice, or persona of someone without their permission constitutes a violation of their privacy rights.

Privacy rights extend to the celebrity status of deceased persons as well. Permission for the reproduction of photographs, movie stills, or other depictions of a deceased celebrity requires permission from the person or corporation who owns the rights to them. thanks to Fergus law office for the info .

Under UK law, the law of passing off can sometimes be used to prevent a celebrity’s image being used overtly to promote a commercial product. Have a look here at this case. more details here.  For those interested in comparative rights to one’s own image, see this paper on SSRN.

Why is it then, that so many software demos include images and data of Mr Beckham, Brad Pitt,  Cameron Diaz, James Bond and Matt Damon?

I’m not a lawyer, but it seems to me that using their names and images without their permission infringes the self same copyright laws that enable software companies to charge money for software. Never mind the more complex and messy issue of privacy and reputation.  

When you demo enterprise software, don’t promote George Clooney to Deputy Vice President,  make jokes about David Beckham being on the bench because he is a bit slow or change Ms Zeta-Jones’ family dental benefit plans. Unless of course, you have permission from the said celeb.  I’ve not even started on the data protection law implications of processing their personal data…

I’m not a lawyer, so if you don’t believe me, have a chat with your in-house legal counsel. You might think it is cool to have a bunch of celebrities in your demo system, but I’m not sure that it is such a good idea. 

Technorati Tags: ,,

On Getting things Done

Dave Allen’s book and method  have received considerable positive coverage in the blogosphere, and  tools to bring the method to the inbox are popping up like daffodils.

The Dave Allen Company has an outlook application for GTD,  which it sells along with books and other guides to getting your life in order.

Instead of doing the sensible thing and buying the book first, I thought I download some software…

I decided to try a Firefox plug in, based on the WebWorkerDaily review.

I’d not planned to blog this, but Zoli posted about a GTD offering for gmail,

I wanted to get organized about my ever-growing inbox, so I thought I’d give GTDInbox a try, especially after reading the positive reviews on both WebWorkerDaily and ReadWriteWeb.

My regular readers will know that I’m interested in the collisions  between law and software.  I vaguely  wondered if there was a trademark issue with calling the application GTD, but US trademark law isn’t really my cup of tea. GTD is a registered trademark of  the Dave Allen company, so they may have something to say about this use of it. Then again, they may think it is goodness that someone has built a firefox-gmail add in, as it might help them sell more books.

But this post isn’t really about trademark, it is about something even more boring, T&Cs-

Many of us don’t bother reading the T&Cs of applications we use. After all, we are busy people.  But in the case of a GTD add on, I thought  it might be worth pausing for a second and dong so. After all, in theory this little application will be rummaging around in my  inbox,

Also I figured it would be interesting to see how a Mozilla “accepted” application’s T&Cs looked. All  glowing GPL stuff, I presumed.



and zooming in…


Unlike Zoli, I can’t comment on the application, because I didn’t even download it.

Please,  next time you build an application, even if it is only in  beta, please add organise appropriate T&Cs in your Get Things Done before shipping list. Sure it is a beta application, but it could be  using my live data, and that of my friends and colleagues.  

But even Apple seem to have T&C challenges. More fom Zoli here.


Technorati Tags:

Facebook, Scoble, Manifestos and European Privacy Law.

Thanks to truly brilliant stream of  Auntie P.

I’m very late to this, and originally I wasn’t planning to comment on the Scoble-Facebook thingy, (see techmeme) but after seeing James Governor’s link comment,about Nick Carr’s post, I figured I’d jump in.

James said…

my take: Che? No. Scoble the Mike Huckabee of the A-list. He thinks privacy is “just a theory” but runs awesome home and webspun campaigns… aw shucks

Spot on James. (thanks also to James for getting me into this CC flickr photo thingy)

Part of Robert’s defence is that he was “only” collecting

Names and email address and birthday.

But name, email address and birthday are personal data.

Here in ye old Europe we have a pretty clear legal definition of personal information.

Personal data are defined as “any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” (art. 2 a of the EU Data Protection Directive)

I don’t want to go into a long history of European privacy law here, but The ancient runes (1980) of the OECD guidelines are a good starting place. The seven principles governing the OECD’s recommendations for protection of personal data were:

   1. Notice—data subjects should be given notice when their data is being collected;
   2. Purpose—data should only be used for the purpose stated and not for any other purposes;
   3. Consent—data should not be disclosed without the data subject’s consent;
   4. Security—collected data should be kept secure from any potential abuses;
   5. Disclosure—data subjects should be informed as to who is collecting their data;
   6. Access—data subjects should be allowed to access their data and make corrections to any inaccurate data; and
   7. Accountability—data subjects should have a method available to them to hold data collectors accountable for following the above principle

These principles eventually wound up as the foundation of the Data Protection Directive, which in turn ended up in the national law of all EU countries. They would make a good start for anyone building a terms of service for an offering that consumes personal data too.

The principles in the UK Act are defined as follows

Personal data:

  1. Shall be processed fairly and lawfully
  2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose(s)
  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”.
  4. Shall be accurate and, where necessary, kept up to date.
  5. Processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data.

Robert Scoble’s actions may be perceived as noble in some quarters, but they don’t impress me. He single-handedly bashed through most of the basic principles of privacy with his scraping exercise, never mind Facebook’s terms of service. Facebook was right to take Robert on here. Facebook is subject to the provisions of European Data Protection Law. Facebook is part of the safe harbor. 

Carr nails it.

Facebook has an obligation to protect the data entrusted to it by its members. At the very least, members should have the right to decide whether or not their personal information can be scraped out of the Facebook database. Scoble did not give them that choice. That doesn’t mean that Facebook is the hero. It, like other social networks, happily scrapes information from members’ email accounts to identify possible new members. Facebook will scrape when it suits its commercial interest but will block scraping when it doesn’t. Still, in this particular case, Facebook did what it needed to do: protect the information and the interests of its members. Until controls are in place, unauthorized scraping of other members’ personal information shouldn’t be allowed.

What the Scoble affair reveals is that the issue of “data portability” is not a simple issue but a fraught one. Data scraping can make our lives easier, but it can also put us at risk.

So does Anne

Even if Scoble’s Facebook friends agreed to let him view their data on Facebook, they didn’t agree to let him take that information wherever he wants to do with what he wants. He could use a screen scraping program to grab data that they consider just-among-friends and stick it out in public without any regard for their privacy settings. You might say, “Scoble wouldn’t do that” but it’s Facebook’s responsibility to see that it doesn’t happen.

Data portability could be designed into Facebook in such a way that it doesn’t compromise user’s privacy. At the very least, an opt-in to profile sharing outside Facebook would need to be provided. Allowing uncontrolled screen scraping is not the answer

And Loren Feldman’s acerbic take is well worth a watch.  See the comments too. This one from Patrica, (who has a super  golf blog)

Though evidently there are a number of geek wannabes out there just itching to join a data martyr movement.

Hat tip gapingvoid’s twitter

You may find this article on the position of Facebook in UK law interesting. Facebook could move at speed to suspend Robert, but seem awfully unwilling to let other people voluntarily remove themselves.  I’ve rambled before about Facebook and data protection law.

Robert, no doubt, had good intentions, but he was breaking the law, both in terms of the Facebook terms and conditions, and for those Europeans lurking in his 5000 “Friends”, a good bit of data protection law too.  Processing 5000 records moves one beyond the realms of Dunbar’s law into data controller mode.

I’m glad to see blawgs joining the discussion, for instance the Canadian Privacy Law Blog.  Also I’m very pleased to see privacy manifestos emerging, such as this one over on gigaOM, but rather than inventing stuff from new, I’d propose that the web 2.0 gurus get talking with some folks who know privacy and its complexities.  It is a lot harder than it looks. 

The right to privacy is one of the most complex legal and technical issues, and not just since web 2.0.  The Germans passed privacy laws in the 1970’s and are still grappling with the balance between privacy, security, freedom of speech.  One of the most famous cases in US law is mainly about privacy rights. 

The more folks start thinking and talking about privacy, and the sooner privacy impacts buying decisions the better. 

Daniel Solove’s recent book is a damn good place to start, especially from a US perspective.

For the technical challenges, Jeff Jonas is a must read. I’d like all developers who touch personal data to read and understand Kim Cameron’s laws of Identity.

I’d love to see more from Pangloss or on this too, oh and a Geeklawyer rant would be nice too.  I hope to be at this conference next year, the 8th Privacy Enhancing Technologies Symposium (PETS 2008).  It would be even better if Facebook sent some folks along too.

Reviewing the Future of Reputation

Daniel Solove called on bloggers with an interest in privacy to drop him a note, and he would send a copy of his latest book for review.  The only condition was that you posted a review.  So here is mine.

Solove is on a mission to get people thinking about privacy who haven’t really thought about it before. Anyone who has a Facebook profile, a blog, or who posts photos online, or has friends and family who do, ought to read it. As a very successful  blogger himself, he brings a practical perspective to the topic of gossip, ‘rumor’ and privacy on the Internet.

It would be a good book for parents to read, as it would able them to understand the mySpace etc dangers and benefits better. It is accessible enough that a teenager could learn from it, without being bored by a lot of legal rhetoric.  Solove writes well, with a deft touch.  It isn’t a dense academic book, although Solove is a highly respected privacy academic. Legal types may wish for more depth, but if so, then head over and read this.

The book works because it uses lots of anecdotes to explain complex issues, simply.  It covers the awkward and subtle tensions between privacy and the first amendment-freedom of speech brilliantly. It also provides an excellent quick tour through US privacy law history. (curious though that I didn’t see  Roe v Wade  mentioned)

Most of my own research into privacy has been about government and big business.  Solove makes the powerful point that there is a significant threat from your friends, lovers and colleagues too.

He effectively challenges the binary private-public divide, arguing coherently we need to understand shades of confidentially and exposure, and uses the burning man event, Washingtonienne, Article III, and other incidents to illustrate this. He eloquently explains the paradox  that we need greater privacy and recourse against unwanted exposure if freedom of speech is to thrive.  The dangers of vigilantism and shaming are given close attention.

He briefly touches on the power of technology to aid privacy protection, but he could have explored this in more depth.  He did call on social networking tools to offer stronger privacy default. This is good advice. I would have liked more on the copyright analogy.

My only significant  gripe was that the book is very US and tort centric. It made passing mention of UK tort, but it made no mention of European Data Protection Law, nor of the right to privacy in the Universal Declaration of Human Rights or other significant legal instruments.

He is more positive than I am about the future of privacy. 

In short, buy it.

Putting web 2.0 in a legal context

For me, most of next week is all about computer law. I’m attending Gikii and the Society for Computers and Law conference – Law 2.0? : New Speech, New Property, New Identity. The SCL event is chaired by Lilian Edwards, Professor of Internet Law, University of Southampton, and Director of ILAWS, the Institute for the Law of the Web at Southampton, and  is hosted and sponsored by the firm Herbert Smith.

From the programme.

  • How do web 2.0, the “Semantic Web” and distributed computing interact?
  • What are the commercial and business model implications of web 2.0?
  • What are the social implications of social networking software and the “open access” paradigm?
  • What are the intellectual property and data protection laws impacting on these technologies and their exploitation?
  • Should public sector geospatial data be bought, sold, and “mashed up”, and if so, on what conditions?
  • How can identity and reputation be managed on the new Web?
  • Does Europe need to rewrite the laws of privacy and data protection in a web 2.0 world?
  • What dangers are we exposing children and the unwary to in a world of ubiquitous disclosure?
  • What laws govern virtual worlds? How do we do business there?
  • How do control mobile and distributed data in a connected world?
  • Should platforms like Facebook and You Tube be legally liable for user generated content?
  • Is Google legal?
  • What next in the music download wars in a web 2.0 world?

There will be a round table discussion on : Are tools like blogs and wikis inherently disruptive technologies in the workplace, and for law, democracy and politics?

I may try some live blogging again and maybe even a podcast (note to self don’t forget microphone, and remember that you are in a room of lawyers).

On Tuesday evening I’m attending the computer law group meeting in middle temple, this is the first time in almost two years that I’ve managed to be in London when the meeting is on, so I’m really looking forward to it.

On Wednesday I’ll be presenting a short paper on accessibility and web 2.0 at the absolutely packed agenda second Geek Law conference( gikii 2). I presented a paper at last year’s Gikii conference, so it is great to be allowed back. I understand from Andres there is a project underway to turn the proceedings into a book. Last year’s event was great, being described as: “Like a normal conference, only without all the boring papers”

Catching up with the law meets computers crowd in the UK will be fun and simulating and I perhaps I’ll meet the mildly notorious Geeklawyer. Hopefully these three days of academicness will motivate me finish (write) the evil thesis.

Technorati tags: , , , ,

Social media, politics, copyright, blogswarm and activism

  I’ve been pondering this post for a while,  I wrote most of this post  36,000  feet above the Atlantic on the way to Palo Alto in a luxurious Lufthansa economy seat, I figured I  might as spread out and rant on copyright and social media.

Social media as the champion of the small guy.

Social media loves to make a hero out of someone  who stands up to the “evil IP power” of traditional media.   Jerry Bowles, one of the leading bloggers on social media recently picked up on the case of Spocko’s Brain.  I’ll quote a big part of his  post Memo to Enterprises: Fire your Lawyers   as the background is important.

…was shut down by its Internet service provider, 1&1 Internet, after Disney ABC Radio complained that Spoko’s posting of audio files from KSFO, a talk-radio station in California’s Bay Area, violated the company’s copyright.

Spocko’s Brain had posted dozens of examples of KSFO right-wing morning drive talk show hosts, who are known for such tasteful exercises as enacting a mock electrocution of New York Times editor Bill Keller in a defective electric chair, calling for the execution of journalists they deem liberal, labeling themselves “pro torture, demanding that callers make fun of Islam and referring to Barack Obama as “Halfafrican.”  Spocko also sent letters to KSFO’s advertisers, inquiring if they really wanted their brands associated with the views expressed on the station, and inviting them to listen to program segment audio files posted on the Spocko’s Brain site. 

late December, Disney lawyers sent Spocko’s Brain and its ISP, 1&1 a cease-and-desist letter because of alleged copyright violations against the ABC Radio affiliate.   1&1 Internet took the site down entirely on January 2.

Once the dispute became public, much of the blogosphere rushed to Spoko’s defense and dozens of web hosts stepped forward to provide access to the disputed KSFO audio files.   The Electronic Frontier Foundation volunteered to defend the blog against legal action.  Some of the biggest and most widely read political and media blogs–like DailyKos–provided extensive coverage of the controversy and posted the disputed files, daring Disney to sue them. Selections were posted on YouTube.

These are fine and noble sentiments. Hats off to Spocko’s Brian, and to all the bloggers etc that have rallied to his support.  Zencabin provides a great summary of the traffic and the blogswarm.  

So, Disney is the evil empire, not only spewing unpleasant radio, but using copyright to stamp on the precious freedoms of a  blogger.   Clearly large media companies need to think  twice about heavy-handedness when dealing with bloggers. Score one for bloggers I guess.  Yes, but…hang on a moment…

It is easy to pick on Disney here, and beating up Disney is fair game when it comes to copyright issues.  The reprehensible nature of the material (at least from my standpoint) on the radio station  makes Brian’s actions seem very righteous and correct.  They may well be, but the legality of his actions, and those of Disney, are for the courts, not the blogjury,  to decide.

Where is the problem?

The problem here is not the lawyers, or even Disney, but the law itself.  It seems to me that copyright has lost its way.   Larry Lessig and many others can eloquently explain why, and suggest some innovative ways to fix it. 

But US copyright law was passed into statute by the elected members of the US government.  US  law as it stands today is a direct result of the interventions of those  elected leaders.  Lessig looks at the position in Washington after the recent Senate and Congressional elections.

Dems to the Net: “Thanks for the blogs. And please continue to get outraged by MoveOn messages. But don’t think for a second we’re interested in hearing anything beyond the charming wisdom of Jack Valenti. We appreciate your support. We appreciate your money. But come on — you’re all criminals. Don’t expect your criminal ways to be taken seriously by an institution as respected as the US Congress.”

My personal view is that copyright, rather than behaving as originally envisaged, to encourage and reward creativity; has become  a powerful tool to protect the business model of large media companies.  The media companies have done a brilliant job in lobbying to achieve this.  Check out chillingeffects if you would like to learn a bit more, and JP has  fabulous posts here and here. Read James on DRM as Communism and DR M as lard.

Politics and social media.

When Scoble and others cosy up to politicians and business leaders with podcasts, these are the issues they should be focusing on. 

Where was the question to Edwards about copyright?  “Sir,  do you believe that US copyright today encourages or inhibits creativity.”

Or even?

“If you want the vote of the bloggers, then you had better have a plan on DRM, copyright extension, fair use and derivative works!”

Politicians have been quick to grasp the power of social media for electioneering.  Jeremiah, over at web strategy,  highlighted Obama’s use of YouTube. 

Do these blog aware politicians have a position on DRM?

Organisations like the EFF need financial support, not just to bailout noble martyrs and fight individual cases, but to fundamentally improve the legal system.  If the rifle owners  can shape the gunlaw agenda, then it is high time that those that think copyright isn’t working get their act together. 

Apply the power of social media to bring about awareness and to help drive  real change. Vigilante behaviour seems cool when it is in a good cause, but it isn’t really.