Transparency Report Update: January – June 2017

The time has come for the bi-annual update to our transparency report, covering January 1 to June 30, 2017. As usual, we’ve shared updated data about national security requests, government requests for user information, government demands for removal of content, as well as notices of copyright and trademark infringement. We’ve included some of the most interesting highlights below.

Intellectual Property

We received the highest number of DMCA takedown notifications in a single six-month reporting period. From the 5,006 we received between July-December 2016 to 9,273 this period, we saw an 85% increase.

The bulk of this increase comes down to just two complainants, both of which submitted over 2,000 reports each, accounting for 47% of the 9,273 total takedowns received. To truly appreciate the top two complainants’ volume, you should note that the third highest complainant submitted 371 reports.

We often received multiple copies of the same DMCA notice (sometimes days apart!), and often these duplicate notices target material that had already been removed or was hosted elsewhere. This highlights the problem with automated takedown systems that have no element of human review. We’ve written about the issues involved with DMCA takedown bots before, and the figures in this report suggest that the problem isn’t going away. The high volume of thoughtless takedown places a big burden on the small team we have, who are charged with carefully reviewing and processing our notices, to ensure the rights of copyright holders and our users are protected.

Due to the high volume of bot generated deficient takedown notices, we removed content in response to only 22% of the DMCA notices we received in this period, compared with our average of approximately 60% across the past six reporting periods.

Meanwhile, we can count on one hand the number of counter notices we received from our site owners, and it’s the fewest we’ve seen in a reporting period to date: 5. As we’ve mentioned, the counter notice process is intimidating and can lead to a user being sued in federal court, which means spending a tremendous amount in legal fees defending their case, even if the court determines the user’s material isn’t infringing.

Government Demands

We receive a steadily increasing number of takedown demands from governments around the world, with a 61% increase this reporting period compared to last’s.

Takedown demands from certain countries are particularly concerning. While Russia is sending us the greatest volume, we’re seeing especially problematic demands from the Turkish government, which actively censors content that criticizes the Turkish government, officials, and/or army. In hopes of defending the rights of our users to speak about their government, we have filed objections to 13 of the most egregious court orders. Unfortunately we have not seen much success. Eleven of our appeals have been rejected, and two are pending. Additionally, we do what we can to partner with our affected users in filing our objections — Turkish citizens who are blogging about their government. However this is very fraught territory, especially when filing an objection would be made in a user’s name. One of our users said it best: to appeal, and reveal their identity, would be “suicide.”

Further, after consulting with additional experts on Turkish law, we’ve learned that not only are the users who bring the case at risk, even the lawyers and judges in cases involving national security (for example, content that criticized military involvement and suggested military misconduct) can be charged for assisting terrorist organizations.

We will continue to fight for freedom of expression and our users in Turkey, which includes being as transparent as we can about the situation, the demands we receive, and our response to them.

National Security

We recently shared some information about the process we followed to lift the nondisclosure restrictions associated with five NSLs received in previous years and provide copies of our correspondence with the government. We hope this information will be useful to other companies who may wish to take advantage of the legal options that are currently available to challenge NSL nondisclosure orders.

We’ve also developed a form reciprocal notice request. If your company has received an NSL in the past and you would like the government to review the letter’s nondisclosure requirement, this form may be useful to you.

As always, please take a look through the data, and let us know if you have any questions or other types of data that you’d like to see in future reports!

Shining Light on National Security Letters

Transparency. We aim for it in most everything we do at Automattic.

When it comes to legal demands from the government, being fully transparent can be hard and even impossible in cases where we are prohibited by law from revealing information about a legal request we receive. Nowhere is the lack of transparency more controversial than in the area of National Security Letters (“NSLs”).

Today we are releasing and publishing redacted versions of five NSLs, which we hope will add to the public’s understanding of this legal tool and help inform the debate about their scope and use.

We would also like to share some information about the process we followed to lift the nondisclosure restrictions associated with these NSLs and provide copies of our correspondence with the government on this subject. We hope this information will be useful to other companies who may wish to take advantage of the legal options that are currently available to challenge NSL nondisclosure orders.

What is an NSL?

NSLs are a form of government legal process (like a subpoena) used to request information from communications service providers, like phone and internet companies, about their users in national security investigations.

NSLs are legally controversial because no judge reviews the information demands before they are issued, and they often come with a nondisclosure requirement (also known as a “gag order”) that lasts for an indefinite amount of time and can end up being permanent. An NSL gag order legally prohibits the recipient (often an internet company like Automattic) from sharing a copy of the NSL with the user whose account info is being requested. It also prevents the company from sharing any information about the NSL publicly, or from even making a public statement that they received the NSL at all. Instead, the government allows NSL recipients to report the number of NSLs they receive in a broad range, which is designed to give the public an idea of the number of NSLs received during a certain period of time. This is why we reported receipt of 0-249 NSLs for certain periods covered by our Transparency Report.

The EFF has published a comprehensive set of resources about NSLs here, if you’re interested in learning more about them.

National Security Letters Received by Automattic

Below are redacted copies of five National Security Letters received by Automattic between 2010 and 2013.

Each of the NSLs that we are publishing initially included an indefinite nondisclosure requirement that prohibited us from sharing any information about the letter or publicly acknowledging that we received an NSL.

We recently requested that these nondisclosure requirements be lifted, under the “reciprocal notice” procedures of the USA FREEDOM Act. More detail on the procedures that we followed is below.

In response to our requests, the FBI lifted the gag orders with respect to all information in each of the NSLs we are making available today. Before publishing the letters publicly, however, we decided to redact the following information from each letter: (1) the site URL about which the government requested information, (2) names of Automattic personnel to whom the request was addressed, and (3) name and contact information for the FBI personnel involved in making the information request.

We made these limited redactions in order to protect privacy interests. The NSLs are otherwise what we received when they were served onto us.

In response to four of the letters, we produced information that was responsive to the government’s request. We did not have user information that was responsive to one of the NSLs, and did not produce any information as a result.

Before publishing these letters publicly, we notified each WordPress.com account holder whose information was requested or produced under the NSLs we received, and provided them with a copy of the relevant NSL.

Legal Review of Nondisclosure Requirements

The USA FREEDOM Act, passed in 2015, includes two avenues under which an NSL nondisclosure requirement might be reviewed and lifted.

First, the Act requires the FBI to periodically review the NSLs that they have issued and determine whether their nondisclosure requirements are still necessary. As a result of these reviews, the FBI has terminated gag orders for at least a handful of NSLs. We know, for example, that two companies were able to discuss and publish NSLs for the first time as a result of this periodic review: Yahoo released three NSLs in June 2016 and Google released eight NSLs in December 2016.

Second, the statute provides a mechanism under which the recipient of an NSL, like Automattic, has the right to ask the FBI to review the nondisclosure requirement accompanying an NSL. This process is referred to as “reciprocal notice.” If an NSL recipient invokes reciprocal notice, the FBI must review the NSL within 30 days and decide whether the nondisclosure requirement is still necessary. If the FBI decides it is not, it lifts the gag order. If the FBI decides that secrecy is still needed, the government must seek review of the nondisclosure requirement in federal court. A judge then reviews the nondisclosure requirement to determine if it should stay in place, needs to be modified, or should be terminated.

It is our policy to invoke the reciprocal notice procedure for any NSLs we receive. If and when a nondisclosure requirement is lifted, our policy is to share the contents of the NSL with any affected users where possible, as well as to publish a version of the NSL.

In May 2017, we sent letters to the FBI invoking the reciprocal notice procedure for each of the five NSLs that we are publishing today. Though each of the NSLs is several years old (the oldest letter dates back to 2010), we have a strong commitment to transparency and thought it was important to do what we could to disclose NSLs to our affected users and the public, even though these disclosures are several years after the fact.

In response to our letters, the FBI declined to seek judicial review of any of the five nondisclosure requirements. Instead, the government lifted the nondisclosure requirement for each letter, allowing us to share a copy of each letter publicly, with voluntary redactions to protect the privacy of the people involved.

Based on our correspondence with the government, we’ve developed a form reciprocal notice request here in Google Docs format. If your company has received an NSL in the past and you would like the government to review the letter’s nondisclosure requirement, this form may be useful to you. We have also included a copy of the FBI’s response to each of our request letters (see below).

Automattic’s Commitment to Transparency

We believe that the government does critically important work to protect our national security, and that investigative tools like NSLs are necessary to that work. At the same time, we take our commitment to transparency very seriously, and believe that our users and the public have a right to be informed about the nature of the tools that the government uses to conduct investigations and the scope of their use. That is why we worked to lift the gag orders on the NSLs that we are releasing today. We hope that the information we’ve published adds to the body of knowledge and helps inform the important public debate about NSLs.

We also continue to believe that NSLs pose serious constitutional concerns, particularly because they indefinitely prevent companies like us from speaking about them, and informing our users or the public about the NSLs that we receive. The procedures used to lift nondisclosure requirements are flawed because they put the burden of seeking an end to secrecy almost entirely on the companies, like Automattic, who receive NSLs. Though flawed, these procedures are all we have for now. We were able to use them to remove the nondisclosure orders on the letters we publish today and would like to see other companies who have received NSLs follow the same path.


Redacted NSLs (pdf)

NSL-10-287729_Redacted

NSL-10-288826_Redacted

NSL-12-355105_Redacted

NSL-12-355263_Redacted

NSL-13-365428_Redacted

Redacted FBI Response Letters (pdf)

NSL-10-287729_FBI Response_Redacted

NSL-10-288826_FBI Response_Redacted

NSL-12-355105_FBI Response_Redacted

NSL-12-355263_FBI Response_Redacted

NSL-13-365428_FBI Response_Redacted

Hall of Shame: Something Stinks in Abbotsford

For our latest Hall of Shame entry, we turn our gaze towards the City of Abbotsford in Canada. For reference, here’s their logo. Commit it to memory, as you’ll want to remember what it looks like for later:

city of abbotsford.jpg

City officials took issue with a 2013 post written by a homeless blogger that criticized them for reportedly “deliberately spread[ing] chicken manure on a homeless person’s camp” in an effort to deter people from congregating in the area. To demonstrate just how… dirty a move the blogger thought this was, he illustrated his post with a doctored image of the city’s logo, which had been modified to include a large … well, see for yourself:

City of Abbotsford Parody Logo

The accompanying text reads:

“Oh crap! Abbotsford already needs to update their new city logo.”

That seems to make the blogger’s feelings quite clear. Unhappy, however, with this depiction of their logo, a marketing firm purporting to act on behalf of the Abbotsford city council sent us a DMCA takedown notification earlier this January, claiming copyright over the image.

DMCA-Abbotsford.png

It is unclear why the city council decided to go down this particular route in an attempt to have the image removed, or why it took them almost four years to do so. What is clear, however, is that this stinks. Pardon the pun. It was glaringly obvious that the addition of the hilariously large feces was for the purposes of parody, and tied directly to the criticisms laid out in the post. As a result, it seems hard to believe that the city council took fair use considerations into account before firing off their ill-advised notice, and trying to wipe up this mess.

We rejected the complaint, and passed it on to the blogger for his perusal. In response, he updated the logo, just in case there was any doubt that the image was being used for the purposes of commentary or criticism:

City of Abbotsford Parody Logo

Much clearer now.

City of Abbotsford, welcome to the Hall of Shame.

Note: Our use of the Abbotsford city logo in this post is also for the purposes of commentary or criticism, and therefore falls under fair use protections. If anybody on the council happens to be reading, please don’t send us another DMCA takedown. 🙂

Reforming the DMCA

We at Automattic are firm believers in legitimate copyright protection. We are also vigilant about shielding our users from abuse, particularly in cases in which the abuse aims to censor legitimate criticism or ignores fair use of copyrighted materials. As an online service provider, balancing these diverse interests and rights is important to us and requires careful review and diligence. Section 512 of the DMCA was enacted to provide online service providers like Automattic with guidance on handling these issues; however, in the almost 30 years since the law was passed, the Internet landscape has evolved significantly, leaving deficiencies in the safeguards of Section 512.

To help remedy these deficiencies, the US Copyright Office started an initiative last year to study and propose reforms to the DMCA. We were grateful to have an opportunity to submit our feedback and to highlight the issues we commonly experience with the current system—namely, abusive DMCA notices, a deficient counter notice process, and the impact of copyright bots on fair use. As a follow up, the Copyright Office recently solicited empirical data and analyses to help shed light on the effectiveness and impact of the current Section 512 safe harbors – and Automattic was happy to share the data we’ve gathered on the subject in recent years.

Some key findings that we highlighted:

  • With three years of data relating to the copyright infringement notices we receive, it was particularly striking to see how consistent the figures are year after year on subjects such as counter notices, fair use, and procedural mistakes that we reject.
  • 10% of the notices of claimed infringement we receive are directed at clear fair uses or uncopyrightable content, or contain clear misrepresentations regarding copyright ownership. If our experience is representative of other online service providers in the industry, the overall volume of abuse is significant.
  • The number of counter notices we receive is remarkably low, which we believe is not the result of a correspondingly low number of false or mistaken assertions of infringement, but instead results from the concern that sending a counter notice is likely to result in costly litigation, even if that litigation would ultimately turn out to hold that no infringement had occurred.
  • More than a third of the notices we receive simply do not contain the required information—they either include incorrect information, leave out pertinent information, or fail to provide a clear description of the unauthorized material.
  • Automattic has spent a significant amount on legal fees in bringing lawsuits against blatant violators of the DMCA, but has been unable to recover these costs or collect on judgments in our favor because the remedies available under the law are often illusory even in cases of clear abuse.

Our data shows a continuing issue with the current DMCA system, which allows abuse to go unfettered due to a lack of real statutory consequences. Internet users need a more effective remedy than the counter notice to adequately safeguard their legitimate content. Stricter form-of-notice requirements, opportunity for targets to respond before content is removed, and statutory damages for abusive notices are some possible solutions that would provide increased protection for Internet users.

We are hopeful that our feedback and data will help guide reforms toward creating a more equitable environment for Internet users. We look forward to seeing how the law evolves and will continue to work hard to make the DMCA process as fair and balanced as possible.  

For more information about the data we collect, you can view our transparency reports related to section 512 here.

You can read our full comments here: Section 512 Comments

Automattic at RightsCon 2017

Automattic’s mission is to democratize publishing, part of which involves fighting for digital rights online. As a result, we are proud to sponsor RightsCon 2017 — a conference starting today, centred around “how to keep the internet open, free, and secure.”

RC2017-official-logoSeveral members of our legal and policy teams are happily in Brussels to join the
summit.

On Thursday at 4 pm, we will host a session on the day-to-day realities of dealing with takedown demands from all over the world. If you are interested in the practical perspective of a service provider fighting for bloggers’ rights, we hope you will come and ask us tough questions.

Later, on Thursday at 6:15 pm, we invite all conference attendees to continue the conversation over drinks and snacks at a cocktail reception on-site immediately following the programming.

If you are not at the conference in person, you can follow along on social media with #rightscon and hopefully many sharp blog posts to come.

Transparency Report Update: July–December 2016. Consistency is Key.

Today we launch our seventh bi-annual transparency report, covering the period between July 1 and December 31, 2016.

As usual, we detail the number of takedown demands and requests for information received from governments, as well as the intellectual property (IP) takedown notices we have received.

Having published these reports for a number of years now, something that is particularly striking is just how consistent the intellectual property figures are from one period to the next. To demonstrate this point, here are the percentages for the number of DMCA takedown requests we have rejected for each period, on the basis of being incomplete or abusive. The graphs include the total overall number of requests to provide some more context:

Looking just at the percentage of abusive notices received per reporting period, we see an even tighter range:

We believe that these numbers demonstrate a persistent and ongoing issue with the current copyright takedown system, which allows abuse to go unchecked due to a lack of real statutory consequences. Ten percent of notices on a single platform may not appear like much of a concern, but if our experience is representative of other similar hosts in the industry, the overall volume of abuse would amount to a huge number.

The same consistency seen in the IP numbers is not reflected in the percentage of government takedown demands that result in some or all content being removed as a result. Rather, these figures show a marked increase. This is partly due to a steadily climbing number of demands from countries such as Turkey and Russia, and also to a shift in our approach to handling these.

We encourage you to spend time looking through the data that we have collected, and dig in for yourselves. We’d also call on all hosts — big or small — to publish their own figures, and add their voice to the conversation.

The full transparency report is available here.

Automattic is an ORG Sponsor

This week we were proud to be unveiled as an official corporate sponsor of the Open Rights Group (‘ORG’), the very same week that the controversial Investigatory Powers Bill is being debated in the British Parliament.

Open Rights Group
ORG has been fighting tirelessly for digital rights in the UK since 2005. Despite their relatively small size, they have achieved some significant victories. They have campaigned against damaging legislation such as ACTA (which was rejected by the European Parliament in 2012); been instrumental in the implementation of the HTTP Error 451 status code to highlight sites that are rendered inaccessible for legal reasons; challenged mass surveillance in court; helped secure a ‘right to parody’ in the UK; and particularly close to our heart… fought for the rights of bloggers when they’ve been threatened with frivolous copyright takedown demands.

The work that ORG do is vital to protecting many of the online values Automattic shares, and we’re happy to support their mission.

Find out more about the Open Rights Group on their site.