Law and Information

John Palfrey and I released today in Washington D.C. a White Paper and three case studies on ICT Interoperability and eInnovation (project homepage here.) The papers are the result of a joint project between Harvard’s Berkman Center and the Research Center for Information Law at St. Gallen, sponsored by Microsoft. Our research focused on three case studies in which the issues of interoperability and innovation are uppermost: digital rights management in online and offline music distribution models; various models of digital identity systems (how computing systems identify users to provide the correct level of access and security); and web services (in which computer applications or programs connect with each other over the Internet to provide specific services to customers).

The core finding is that increased levels of ICT interoperability generally foster innovation. But interoperability also contributes to other socially desirable outcomes. In our three case studies, we have studied its positive impact on consumer choice, ease of use, access to content, and diversity, among other things.

The investigation reached other, more nuanced conclusions:

• Interoperability does not mean the same thing in every context and as such, is not always good for everyone all the time. For example, if one wants completely secure software, then that software should probably have limited interoperability. In other words, there is no one-size-fits-all way to achieve interoperability in the ICT context.
• Interoperability can be achieved by multiple means including the licensing of intellectual property, product design, collaboration with partners, development of standards and governmental intervention. The easiest way to make a product from one company work well with a product from another company, for instance, may be for the companies to cross license their technologies. But in a different situation, another approach (collaboration or open standards) may be more effective and efficient.
• The best path to interoperability depends greatly upon context and which subsidiary goals matter most, such as prompting further innovation, providing consumer choice or ease of use, and the spurring of competition in the field.
• The private sector generally should lead interoperability efforts. The public sector should stand by either to lend a supportive hand or to determine if its involvement is warranted.

In the White Paper, we propose a process constructed around a set of guidelines to help businesses and governments determine the best way to achieve interoperability in a given situation. This approach may have policy implications for governments.

• Identify what the actual end goal or goals are. The goal is not interoperability per se, but rather something to which interoperability can lead, such as innovation or consumer choice.
• Consider the facts of the situation. The key variables that should be considered include time, maturity of the relevant technologies and markets and user practices and norms.
• In light of these goals and facts of the situation, consider possible options against the benchmarks proposed by the study: effectiveness, efficiency and flexibility.
• Remain open to the possibility of one or more approaches to interoperability, which may also be combined with one another to accomplish interoperability that drives innovation.
• In some instances, it may be possible to convene all relevant stakeholders to participate in a collaborative, open standards process. In other instances, the relevant facts may suggest that a single firm can drive innovation by offering to others the chance to collaborate through an open API, such as Facebook’s recent success in permitting third-party applications to run on its platform. But long-term sustainability may be an issue where a single firm makes an open API available according to a contract that it can change at any time.
• In the vast majority of cases, the private sector can and does accomplish a high level of interoperability on its own. The state may help by playing a convening role, or even in mandating a standard on which there is widespread agreement within industry after a collaborative process. The state may need to play a role after the fact to ensure that market actors do not abuse their positions.

While many questions remain open and a lot of research needs to be done (including empirical studies!), we hope to have made a contribution to the ongoing interoperability debate. Huge thanks to the wonderful research teams on both sides of the Atlantic, especially Richard Staeuber, David Russcol, Daniel Haeusermann, and Sally Walkerman. Thanks also to the many advisors, contributors, and commentators on earlier drafts of our reports.

Here in Ottawa, I had the pleasure to speak at the OECD Technology Foresight Forum of the Information, Computer and Communications Policy Committee (ICCP) on the participative web – a forum aimed at contributing to the OECD Ministerial Meeting “The Future of the Internet Economy” that will take place in Seoul, Korea, in June 2008.

My remarks (what follows is a summary, full transcript available, too) were based on our joint and ongoing Harvard-St.Gallen research project on Digital Natives and included some of the points my colleague and friend John Palfrey and I are making in our forthcoming book “Born Digital” (Basic Books, 2008).

I started with the observation that increased participation is one of the features at the very core of the lives of many Digital Natives. Since most of the speakers at the Forum were putting emphasis on creative expression (like making mash-ups, contributing to Wikipedia, or writing a blog), I tried to make the point that participation needs to be framed in a broad way and includes not only “semiotic democracy”, but also increased social participation (cyberspace is a social space, as Charlie Nesson has argued for years), increased opportunities for economic participation (young digital entrepreneurs), and new forms of political expression and activism.

Second, I argued that the challenges associated with the participative web go far beyond intellectual property rights and competition law issues – two of the dominant themes of the past years as well as at the Forum itself. I gave a brief overview of the three clusters we’re currently working on in the context of the Digital Natives project:

• How does the participatory web change the very notion of identity, privacy, and security of Digital Natives?
• What are its implications for creative expression by Digital Natives and the business of digital creativity?
• How do Digital Natives navigate the participative web, and what are the challenges they face from an information standpoint (e.g. how to find relevant information, how to assess the quality of online information)?

The third argument, in essence, was that there is no (longer a) simple answer to the question “Who rules the Net?”. We argue in our book (and elsewhere) that the challenges we face can only be addressed if all stakeholders – Digital Natives themselves, peers, parents, teachers, coaches, companies, software providers, regulators, etc. – work together and make respective contributions. Given the purpose of the Forum, my remarks focused on the role of one particular stakeholder: governments.

While still research in progress, it seems plain to us that governments may play a very important role in one of the clusters mentioned above, but only a limited one in another cluster. So what’s much needed is a case-by-case analysis. I briefly illustrated the different roles of governments in areas such as

• online identity (currently no obvious need for government intervention, but “interoperability” among ID platforms on the “watch-list”);
• information privacy (important role of government, probably less regarding more laws, but better implementation and enforcement as well as international coordination and standard-setting);
• creativity and business of creativity (use power of market forces and bottom-up approaches in the first place, but role of governments at the margins, e.g. using leeway when legislating about DRM or law reform regarding limitations and exceptions to copyright law);
• information quality and overload (only limited role of governments, e.g. by providing quality minima and/or digital service publique; emphasis on education, learning, media & information literacy programs for kids).

Based on these remarks, we identified some trends (e.g. multiple stakeholders shape our kids’ future online experiences, which creates the need for collaboration and coordination) and closed with some observations about the OECD’s role in such an environment, proposing four functions: awareness raising and agenda setting; knowledge creation (“think tank”); international coordination among various stakeholders; alternative forms of regulation, incl. best practice guides and recommendations.

Berkman Fellow Shenja van der Graaf was also speaking at the Forum (transcripts here), and Miriam Simun presented our research project at a stand.

Today and tomorrow, the OECD delegates are discussing behind closed doors about the take-aways of the Forum. Given the broad range of issues covered at the Forum, it’s interesting to see what items will finally be on the agenda of the Ministerial Conference (IPR, intermediaries liability, and privacy are likely candidates.)

Over the past two days, I had the pleasure to co-moderate with my colleagues and friends Prof. John Palfrey and Colin Maclay the second Berkman/St. Gallen Workshop on ICT Interoperability and eInnovation. While we received wonderful initial inputs at the first workshop in January that took place in Weissbad, Switzerland, we had this time the opportunity to present our draft case studies and preliminary findings here in Cambridge. The invited group of 20 experts from various disciplines and industries have provided detailed feedback on our drafts, covering important methodological questions as well as substantive issues in areas such as DRM interoperability, digital ID, and web service/mash ups.

Like at the January workshop, the discussion got heated while exploring the possible roles of governments regarding ICT interoperability. Government involvement may take many forms and can be roughly grouped into two categories: ex ante and ex post approaches. Ex post approaches would include, for example, interventions based on general competition law (e.g. in cases of refusal to license a core technology by a dominant market player) or an adjustment of the IP regime (e.g. broadening existing reverse-engineering provisions). Ex ante strategies also include a broad range of possible interventions, among them mandating standards (to start with the most intrusive), requiring the disclosure of interoperability information, labeling/transparency requirements, using public procurement power, but also fostering frameworks for cooperation between private actors, etc.

There was broad consensus in the room that governmental interventions, especially in form of intrusive ex ante interventions, should be a means of last resort. However, it was disputed how the relevant scenarios (market failures) might look like where governmental interventions are justified. A complicating factor in the context of the analysis is the rapidly changing technological environment that makes it hard to predict whether the market forces just need more time to address a particular interoperability problem, or whether the market failed in doing so.

In the last session of the workshop, we discussed a chart we drafted that suggests steps and issues that governments would have to take into consideration when making policy choices about ICT interoperability (according to our understanding of public policy, the government could also reach the conclusion that it doesn’t intervene and let the self-regulatory forces of the market taking care of a particular issue). While details remain to be discussed, the majority of the participants seemed to agree that the following elements should be part of the chart:

1. precise description of perceived interoperability problem (as specific as possible);
2. clarifying government’s responsibility regarding the perceived problem;
3. in-depth analysis of the problem (based on empirical data where available);
4. assessing the need for intervention vis-à-vis dynamic market forces (incl. “timing” issue);
5. exploring the full range of approaches available as portrayed, for example, in our case studies and reports (both self-regulatory and regulation-based approaches, including discussion of drawbacks/costs);
6. definition of the policy goal that shall be achieved (also for benchmarking purposes), e.g. increasing competition, fostering innovation, ensuring security, etc.

Discussion (and research!) to be continued over the weeks and months to come.

We have teamed up with the Berkman Center on an ambitious transatlantic research project on ICT interoperability and e-innovation. Today, we have been hosting a first meeting to discuss some of our research hypotheses and initial findings. Professor John Palfrey describes the challenge as follows:

This workshop is one in a series of such small-group conversations intended both to foster discussion and to inform our own work in this area of interoperability and its relationship to innovation in the field that we study. This is among the hardest, most complex topics that I’ve ever taken up in a serious way.

As with many of the other interesting topics in our field, interop makes clear the difficulty of truly understanding what is going on without having 1) skill in a variety of disciplines, or, absent a super-person who has all these skills in one mind, an interdisciplinary group of people who can bring these skills to bear together; 2) knowledge of multiple factual settings; and 3) perspectives from different places and cultures. While we’ve committed to a transatlantic dialogue on this topic, we realize that even in so doing we are still ignoring the vast majority of the world, where people no doubt also have something to say about interop. This need for breadth and depth is at once fascinating and painful.

As expected, the diverse group of 20 experts had significant disagreement on many of the key issues, especially with regard to the role that governments may play in the ICT interoperability ecosystem, which was characterized earlier today by Dr. Mira Burri Nenova, nccr trade regulation, as a complex adaptive system. In the wrap-up session, I was testing – switching from a substantive to a procedural approach – the following tentative framework (to be refined in the weeks to come) that might be helpful to policy-makers dealing with ICT interoperability issues:

1. In what area and context do we want to achieve interoperability? At what level and to what degree? To what purpose (policy goals such as innovation) and at what costs?
2. What is the appropriate approach (e.g. IP licensing, technical collaboration, standards) to achieve the desired level of interoperability in the identified context? Is ex ante or ex post regulation necessary, or do we leave it to the market forces?
3. If we decide to pursue a market-driven approach to achieve it, are there any specific areas of concerns and problems, respectively, that we – from a public policy perspective – still might want to address (e.g. disclosure rules aimed at ensuring transparency)?
4. If we decide to pursue a market-based approach to interoperability, is there a proactive role for governments to support private sector attempts aimed at achieving interoperability (e.g. promotion of development of industry standards)?
5. If we decide to intervene (either by constraining, leveling, or enabling legislation and/or regulation), what should be the guiding principles (e.g. technological neutrality; minimum regulatory burden; etc.)?

As always, comments are welcome. Last, but not least, thanks to Richard Staeuber and Daniel Haeusermann for their excellent preparation of this workshop.

This morning, I had the pleasure and honour to speak – “as the European voice” – at the FTC hearing on “Protecting Consumers in the Next Tech-ade” (check out the official weblog for more information and summaries of the discussion.) I was asked to report about the legal and regulatory discussions on DRM in Europe and to focus on DRM interoperability in particular. The latter question is also part of an ongoing research collaboration between the Berkman Center at Harvard Law School and our St. Gallen Research Center for Information Law. The research project is aimed at exploring the interaction between interoperability and e-innovation, an important aspect that was only briefly mentioned at today’s hearing.
Here is the longer and slightly modified (links added) written version of my statement. For a more detailed discussion, check out the excellent paper “DRM Interoperability and Intellectual Property Policy in Europe” by Mikko Valimaki and Ville Oksanen.

Over the past few years, much of the legal/regulatory debate in Europe about DRM has focused on the legal protection of technological protection measures and its ramifications for the digital ecosystem, because EU member states have faced the challenge to transpose the rather vague EU Copyright Directive into their national laws and comply with the relevant anti-circumvention provisions of the WIPO Internet Treaties.

Introducing and harmonizing anti-circumvention laws across Europe has been a long and an enormously controversial process. As far as DRM is concerned, three topics in particular have caused heated controversies:

• DRM and its legal protection vis-à-vis traditional limitations on copyright such as the “right” (or privilege) to make copies for private purpose;
• DRM and “fair compensation”;
• DRM and interoperability.

Given our panel’s topic, please let me address the interoperability issue in some greater detail – a topic that has gained much attention in the context of iTunes’ penetration of the European market, esp. in France.

At the European level, though, no coherent DRM interoperability framework exists, although DRM interoperability has been identified as an emerging issue by the European Commission, which has established – among other things – a multi-stakeholder High Level Group on DRM that has also addressed DRM interoperability issues.

The lack of specific and EU-wide DRM interoperability provisions leaves us with three areas of law that address this issue more generally, both at the EU level as well as the level of EU member states. The areas are: copyright law, competition law, and consumer protection law.

Copyright Law

The EU Copyright Directive, mandating the legal protection of DRM systems, does not set forth rules on DRM interoperability. Recital 54 only mentions that DRM interoperability is something member states should encourage, but does not provide further guidance and seems to trust in the market forces. However, one might argue that the anti-circumvention framework itself allows the design of interoperable systems – e.g. a music player able to play songs encoded in different DRM standards – by outlawing only trafficking in such circumvention devices that are (inter alia) primarily designed and marketed for circumvention of effective TPM. Along these lines, at least one Italian Court has ruled – in one of the Bolzano rulings – that the use of modified chips aimed at restoring the full functionality of a Sony PlayStation (incl. its ability to read all discs from all markets despite region coding) is not illegal under the EUCD’s anti-circumvention provisions.

At the EU member state level, France has taken a much more proactive approach to DRM interoperability. A draft of the revised copyright law (implementing the EUCD) introduced an obligation of DRM providers to disclose interoperability information upon requests without being compensated. This “lex iTunes” has triggered strong reactions by the entertainment industry, and the final version of the law softened up the original proposal. Current French law states that a regulatory authority mediates interoperability requests on a case-by-case basis. Under this regime, too, DRM providers can be forced (under certain conditions) to disclose interoperability information on non-discriminatory terms, but they now have the right to reasonable compensation in return.

Competition Law

The baseline is: Competition law in Europe may become relevant in cases where a company with a dominant market position refuses to license its DRM standard to its competitors. However, to date, there exists no case law at the EU level where competition law has been applied to the DRM interoperability problem. But there are important cases (IMS Health and Magill, but also the anti-trust actions against Microsoft) illustrating how competition law — at least in exceptional circumstances — can give the need for interoperability more weight than the IP claims by dominant players. In France, Virgin Media tried to use competition law as an instrument to enforce access to iTunes FairPlay system. The French competition authority, however, has ruled in favour of iTunes, partly because it considered the market for probable music players to be sufficiently competitive (click here for more details).

Consumer Protection

From a consumer protection law perspective, three issues seem particularly noteworthy. First, the Norwegian Consumer Ombudsman has been very critical about Apple’s iTMS interoperability policy in response to a complaint by the consumer council. The Ombudsman argues that iTMS is using DRM and corresponding terms of services to lock its consumers into Apple’s proprietary systems.

Second, a French court fined EMI Music France for selling CDs with DRM protection schemes that would not play on car radios and computers (check here and here). EMI violated consumer protection law because it did not appropriately inform consumers about these restrictions. The court obliged EMI to label its CDs with the text: “Attention – cannot be listened on all players or car radios”.

Third, a recent proposal by the European Consumers’ Organisation proposes to include DRM in the unfair contract directive. The idea behind it is that consumer protection authorities should also be able to intervene against unfair consumer contract terms if the terms are “code-” rather than “law-based”.

Today, the Boston Globe runs a story about a promising cross-industry project on user-centric identity that is directed by my colleague Dr. John Clippinger at the Berkman Center for Internet and Society, Harvard Law School. It has now become public that the Berkman Center together with an industry consortium of tech companies, including IBM Corp. and Novell Inc., is working on an open security project – code-named Higgins - aimed at creating code that gives users more control over their online identities. John is quoted as follows:

Recently, I commented on this blog on the merits of user-centric identity systems – sometimes referred to as Identity 2.0 – from a privacy perspective. After the discussions at the workshop mentioned in the previous post, I’m more convinced than ever that the approach taken by Clippinger et al – despite remaining challenges, which, BTW, were fully acknowledged by the leading technologists at the workshop – has the potential to solve some of the thorniest pivacy issues on the web.

I trust that we’ll get back to this issue before the June conference mentioned in the Globe. In any event, stay tuned.

CNN.com and others report that the European Court of First Instance today dismissed Microsoft’s application for interim measures in its entirety, since Microsoft “has not shown that it might suffer serious and irreparable damage as a result of implementation of the contested decision.”

Yesterday was the IP-day at iLaw Eurasia, a five-day program about ICT policy organized by the Berkman Center, the eGovernance Academy Estonia, the Center for Democracy and Technology, the Advanced Network Research Group at the University of Cambridge, and the Open Society Institute. In the first session, Professor Terry Fisher provided a fantastic introduction to IP law in cyberspace in general and the current tussles over digital media in particular. He also analyzed and evaluated scenarios for the future of digital media, including approaches such as strengthening IP rights, self-help, and alternative compensation systems. I had the pleasure to talk about the implementation of the EU Copyright Directive and discuss basic policy approaches and -choices in the context of anti-circumvention legislation. We used the implementation of the EUCD as an example to illustrate some of the thorny problems often associated with the transposition of EU-IP directives and harmonizing treaty law more generally: Scope and definitions, exceptions and limitations, and sanction and remedies.

In a second module, we were discussing IP protection of computer software. Terry started the session with an excellent lecture, offering a comprehensive overview of the different approaches to – and the evolution of – software protection by law. Much of the subsequent discussion, most ably led by Berkman Center’s Excecutive Director and iLaw program chair John Palfrey, was about the promise of Free/Open Source Software in Eurasia. Many of the fifty representatives from government, the private sector, and civil society in Eurasia emphasized the important role of OSS in creating a more sustainable information industry in economically less developed countries. However, we also discussed potential problems related to OSS, such as documentation, training, maintenance, etc., and legal risks associated with it. In this context, we touched upon potential concerns such as liability and (increased?) exposure to IP litigation – a much discussed topic here and abroad, given recent litigation in the U.S.

Our fabulous Mary Bridges, Communication Director at the Berkman Center, has summarized some of the take-away points from yesterday’s discussion.