第九巡迴上訴法院:DMCA takedown notification 必須先確認是否為合理使用 (Fair Use)

出自 EFF 的「Takedown Senders Must Consider Fair Use, Ninth Circuit Rules」這篇,案件可以參考「Lenz v. Universal Music Corp.」這篇,或是 EFF 整理的「Lenz v. Universal」這篇,由 EFF 發起訴訟控告環球侵犯合理使用權:

The Electronic Frontier Foundation (EFF) filed suit against Universal Music Publishing Group (UMPG) asking a federal court to protect the fair use and free speech rights of a mother who posted a short video of her toddler son dancing to a Prince song on the Internet.

起因在於 Stephanie Lenz 上傳了一段 29 秒的影片,背景有 Let's Go Crazy 這首歌的音樂,而被環球發 DMCA takedown notification 下架:

Stephanie Lenz's 29-second recording shows her son bouncing along to the Prince song "Let's Go Crazy " which is heard playing in the background. Lenz uploaded the home video to YouTube in February to share it with her family and friends.

後來 Stephanie Lenz 發出 counter notification 並且控告環球濫用 DMCA notification:

In late June 2007, Lenz sent YouTube a counter-notification, claiming fair use and requesting the video be reposted. Six weeks later, YouTube reposted the video. In July 2007, Lenz sued Universal for misrepresentation under the DMCA and sought a declaration from the court that her use of the copyrighted song was non-infringing. According to the DMCA 17 U.S.C. § 512(c)(3)(A)(v), the copyright holder must consider whether use of the material was allowed by the copyright owner or the law.

而環球直接挑明不在意 fair use:

In September 2007, Prince released statements that he intended to "reclaim his art on the internet." In October 2007, Universal released a statement amounting to the fact that Prince and Universal intended to remove all user-generated content involving Prince from the internet as a matter of principle.

於是雙方就從 2007 年開始一路打官司,首先的判決是地方法院認為 DMCA takedown 必須確認侵權事實才能發,這包括了要確認 fair use:

The district court held that copyright owners must consider fair use before issuing DMCA takedown notices. Thus, the district court denied Universal's motion to dismiss Lenz's claims, and declined to dismiss Lenz's misrepresentation claim as a matter of law.

同時認為環球濫用 DMCA takedown notification:

The district court believed that Universal's concerns over the burden of considering fair use were overstated, as mere good faith consideration of fair use, not necessarily an in-depth investigation, is sufficient defense against misrepresentation. The court also explained that liability for misrepresentation is crucial in an important part of the balance in the DMCA.

然後就是一路往上打,打到前幾天第九巡迴上訴法院宣佈維持原來判決定案。這是官方放出的 PDF:「UNITED STATES COURT OF APPEALSFOR THE NINTH CIRCUIT (PDF)」。Summary 的部份提到這次判決的結論:

The panel held that the DMCA requires copyright holders to consider fair use before sending a takedown notification, and that failure to do so raises a triable issue as to whether the copyright holder formed a subjective good faith belief that the use was not authorized by law.

這個判決使得目前使用機器自動無條件送 takedown notification 的程式也會受到規範,後續看 EFF 怎麼出招了...

Wikimedia (包括維基百科) 推出 HSTS (強制使用 HTTPS)

Wikimeda 宣佈所有旗下的網站都會啟用 HTTPS 與 HSTS:「Securing access to Wikimedia sites with HTTPS」。

在這之前,使用者可以用 EFFHTTPS Everywhere 強制使用 HTTPS (在 FirefoxGoogle Chrome 都有上架),而這次則是全面強制使用了。

愈來愈多人使用 HTTPS 來保護隱私後 (而不僅僅是保護機密資料),接下來的問題就是要想辦法在 DNS 上保護了。也就是可以利用 DNS query pattern 知道你在看哪種 (或是哪一個) 頁面。

《第四公民》(Citizenfour)

第四公民》(Citizenfour) 這部電影描述了 Edward Snowden 在 2013 年披露稜鏡計畫的過程以及後續的效應,雖然是紀錄片,但整件事情還在進行發展中。

以最佳紀錄片的身份橫掃 2014 與 2015 的獎項,包括了奧斯卡金像獎與英國電影學院獎:

去年在美國上映時就查過資料,但當時沒找到在台灣上映的計畫。

前幾天發現沒跟上四月 11 日的 2015 金馬奇幻影展 (應該是台灣區的首映),昨天就跑去華山看:「《第四公民》首週上映時刻表」。

紀錄片裡描述了雙方第一次會面的珍貴影像畫面,以及當時雙方溝通的細節。

整部片子裡穿插了 GnuPGTails 這些工具,用來保護通訊的隱私與安全。以及當你可能被 APT 時要保護自己的一些手段。

在這個行業的人都應該去看一看這個歷史事件的紀錄片。

Mozilla 與 Tor (EFF) 申請 Google Summer of Code 2015 被拒

Mozilla 申請 Google Summer of Code 2015 被拒絕:「Mozilla not accepted for Google Summer of Code 2015」。

不過以 Mozilla 的能量來看感覺還好?反倒是 Tor (EFF) 也被拒絕就讓人很訝異了...

Don't be evil 啊...

EFF 的 Privacy Badger

EFF 推出新的延伸套件 (有 Firefox 與 Google Chrome 版),透過演算法阻擋嘗試追蹤你的單位:「Privacy Badger」。

在官網上有比較技術面的說明:

At a more technical level, Privacy Badger keeps note of the "third party" domains that embed images, scripts and advertising in the pages you visit. If a third party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third party tracker. In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies.

技術上的作法是分析 third party domain 的行為,用演算法阻擋可能的追蹤。與 Ghostery 這類工具使用人力建立清單的方法不太一樣。

裝起來跑看看,感覺還蠻有趣的...