Leave No Trace!

Earlier this year, we talked about the dangers of relying on third-party bots to chase down potential copyright infringement, and the ironic circumstances that ensue when the rights holder’s own content becomes a target. It’s a frustrating situation for everyone, but this kind of oversight is no surprise when automation is let off the leash. What’s even more shocking are cases in which this paradoxical level of enforcement is employed by humans, as we recently experienced with Subaru for America.

The car manufacturer is currently sponsoring a nonprofit organization, The Leave No Trace Center for Outdoor Ethics. For the uninitiated, “Leave No Trace” is the concept of enjoying the wilderness responsibly, with an eye towards conservation and preservation of natural beauty. A noble cause to be sure, but two WordPress.com users discovered the hard way that a corporation’s actions can sometimes speak louder than its words.

In the application for The Subaru Leave No Trace Traveling Trainer Program, it’s suggested that, among other things, applicants should be able to generate social media content via creating blogs, posting photos, and creating videos. This is exactly what Sam and Jenna attempted to do when they created this blog as part of their application process.

Surprisingly, however, Subaru was less than thrilled with this harmless use of the brand name, and accused our users of trademark infringement and cybersquatting. Apparently the legal department at Subaru wasn’t aware of their company’s sponsored initiative. Yikes!

We passed along the notice to Sam and Jenna with the understanding that we would not be taking any action against their blog as their content does not constitute trademark infringement. In good faith, though, our bloggers took the high road and removed most instances of ‘Subaru’ from their blog to appease the automaker’s demands.

While Subaru reminded us that it “aggressively protects its trademarks and other intangible assets,” it’s unfortunate in this case that they didn’t maintain that same level of overzealous enthusiasm for our users or the great outdoors.

Trouble in Turkey

Earlier this week, nearly all of the more than 77 million websites hosted by WordPress.com were inaccessible to the people of Turkey, due to broad and arbitrary censorship by the Turkish government. We began to hear reports of service outages during the evening of Monday, July 27, Istanbul time. The blocks were apparently removed by midday Wednesday, July 29.

Photo by Erdem Civelek of a 2011 protest for Internet freedom in Turkey. (CC BY 2.0)Citing Turkey’s 2007 Internet Law 5651, authorities sought to take down dozens of sites across the Internet they deemed objectionable. The list included five sites hosted on WordPress.com about Kurdish politics. Those sites were:

Turkey’s Information and Communication Technologies Authority provided WordPress.com with very minimal notice of their action against these sites. Within hours, before we had the chance to review their complaints much less respond, the government moved to block access. But because their order specified not just individual URLs but IP addresses as well, not only were the five targeted WordPress.com sites blocked, but so were the sites of countless nonpolitical bloggers, businesses, reporters, artists, and scientists who use WordPress.com.

A significant portion of the Internet went dark for the 75 million people of Turkey.

Once we learned of the outage, we worked to contact the authorities in Turkey, and had to adjust some of our IP addresses to make WordPress.com sites accessible. Eventually the Turkish government/ISPs chose to block only the specific sites, rather than everything on WordPress.com. Sites hosted on our platform are once again available in Turkey, except for the five listed above (though they remain accessible to visitors from outside of Turkey). We encourage Turkish readers interested in seeing what your government doesn’t want you to see to consider our suggestions for bypassing Internet restrictions. 

In a similar case last week, Turkey also blocked access to Twitter in order to censor images of a deadly bombing and calls for protest.

We share our users’ frustration with this service outage, and we’re continuing to fight against internet censorship in Turkey.

In the near term, this means challenging the government order that led to our blocking — both on the principle that blocking an entire IP range is overly broad and never the right answer, as well as objecting to the inclusion of one of the sites on the government’s blacklist. PKKONLİNE was in fact railing against the PKK and violence, not supporting terrorist activities, as the statue cited in the government’s decision requires. Apparently these kinds of mistakes can be made when you hastily pull together a lengthy blacklist, based on largely superficial information. You can read a rough English translation of our appeal to the Turkish court here (pdf).

This week’s events show once again that whenever a government decides to censor the Internet, everybody loses — not just a regime’s targets but a whole nation — and it only serves to strengthen our resolve to resist censorship wherever we may find it.

Photo by Erdem Civelek of a 2011 protest for Internet freedom in Turkey. (CC BY 2.0

Transparency Report Update

We’re pleased to release the latest update to our transparency report, covering the period of January 1 – June 30, 2015.

We try to make each new transparency report more…transparent, by adding new and more detailed information about the legal demands we receive, our responses to them, and the internal policies that guide our actions.

In this report, we’ve added a few new pieces:

  • We’ve identified our top DMCA complainants. From here on out, we’ll include a chart showing the organizations that submitted the greatest number of DMCA notices in a reporting period. Not surprisingly, the list is dominated by third party take down services, many of whom use automated bots to identify copyrighted content and generate takedown notices. We’ve written in the past about the many potential pitfalls of this practice. In the future, we may report statistics on the success rate of notices submitted by each of our top reporters, in hopes of identifying those who use automated tools thoughtfully, as they should be used: in conjunction with human review to ensure that they’re not targeting things like fair use (or even their own clients!).
  • We added more information on the processes we follow for reviewing and acting on (or rejecting) the DMCA notices we receive. The Copyright and DMCA page includes information on how our DMCA process works, for both users and copyright holders. The Our DMCA Process page explains the steps we follow to review and act on the DMCA notices that we receive. We’ve also published all of our DMCA forms, emails, and notifications on Github under a Creative Commons license. We hope this furthers our goal of transparency and serves as a useful resource for other website owners and companies who want to comply with the DMCA in a user-friendly fashion.
  • For DMCA notices, we are now reporting more granular data on the content we remove in response to a notice. In some cases, we receive a DMCA notice for content posted to a site that violates our Terms of Service (like a spam or warez site, for example). In prior reports, we counted both the suspension of these types of sites and the takedown of individual copyrighted files from legitimate sites, in the category of “notices where some or all content was removed.” Beginning with this report, we are separately reporting the percentage of notices where we remove copyrighted content from legitimate sites. In this reporting period, for example, if we counted suspended sites as rejected notices, the percentage of notices where some or all content was removed would be 33% (down from 57%).
We hope you find the transparency report useful and informative. If you have suggestions for how we can improve the report, or information you’d like to see included in future reports, please let us know!

ICANN Considers Relaxing Domain Registration Privacy; Automattic Objects

We’ve said it time and time again: user privacy is important to us. We’re vigilant about protecting it on WordPress.com, and we’re always on the lookout, ready to weigh in on policy proposals that might curtail the privacy that we and our users value so highly.

Today, our focus turns to the Internet Corporation for Assigned Names and Numbers (ICANN), the organization responsible for coordinating the internet’s naming system, such as domain names. ICANN is currently considering a proposal that would prohibit many domain owners from using privacy and proxy registration services.

What exactly does this mean? If you’ve ever registered a domain (and millions of you on WordPress.com have), you may have noticed an option to make your personal information, such as your name, address, and phone number, private. This is great for those who want to publish anonymously or those who simply value more privacy. However, ICANN is considering precluding anyone who uses a domain for “commercial” purposes from private registration. “Commercial” use has not yet been defined in this context, but it could affect more domain owners than you think; it’s not uncommon for a website to run ads or include affiliate links to cover costs. Needless to say, we strongly oppose this proposal.

Who wants this change? Large copyright holders (like movie studios), for starters. Proponents of this proposal argue that website owners should be held accountable and that they need means to identify those that are abusive. However, there’s already a means to do this — it involves due legal process and justifying that the information they’re seeking is relevant or necessary to a lawsuit or investigation.

If the proposal were adopted, all of the privacy protections we provide our users on WordPress.com, as well as those that currently exist under the law, would largely be for naught, easily circumvented by a quick WHOIS search. We work hard to design and implement our rigorous privacy protections because we’ve seen firsthand how requests for user information can be used as a means to silence or retaliate against anonymous speakers. Every day we see our users depending on the privacy and anonymity afforded to them to engage in thoughtful, compelling speech and journalism.

We believe this proposal would significantly harm communication, commerce, and most especially, anonymous speech online, so we ask ICANN to reject the current proposal to limit privacy-protecting domain registration services.

You can read our full filing in opposition to the proposed rule here.

More Transparent Content Removal

Every day we receive a significant number of requests to have content removed from sites hosted on WordPress.com. Many of these involve alleged copyright violations making use of the DMCA takedown process, or the publication of sensitive private information. We review every single one by hand to ensure that the processes are not being abused for the purposes of censorship, and are constantly looking to improve how they are handled.

Content Removal Image

Before now, whenever content was removed from sites in these situations, there was no visual indication to explain why things may not be displaying correctly, with visitors confronted with a 404 page not found error instead. This was far from an ideal situation, and as part of our commitment to increased transparency, we are proud to be able to say that this is no longer the case.

From today, when content is removed from a WordPress.com site as the result of a DMCA takedown, or a private information complaint, a notice will be placed on the site in question to explain exactly what content has been removed, when, and why. In the case of images, a placeholder will be displayed. We hope this will help ensure that on those occasions where we are required to intervene, that the reasons for doing so are as clear as possible.

Read more about our DMCA policy here.

Read more about our private information policy here.

In addition to implementing this new process, we have also updated our documentation with new pages on how we approach the DMCA in general. You can find this at the following links:

https://en.support.wordpress.com/our-dmca-process/

https://en.support.wordpress.com/copyright-and-the-dmca/

Standing Up for Bitcoin

We strongly believe in the power of open source software, and have seen first hand how it can empower communities to build better software for an endless variety of applications, from the ground up.

Bitcoin, and other digital currencies, are great examples of how open, community driven development can spark innovations that would be very difficult to replicate under a top down, proprietary development model.

BC_Logo_That’s one of the main reasons why we accepted bitcoin as payment for Automattic upgrades. Though we paused Bitcoin support earlier this year, due to resource constraints, we still strongly support its mission. It’s also why we’ve recently engaged in the policy realm to champion policies that will foster, not impede future innovations in open, digital currencies like Bitcoin.

We’re proud to have filed comments in response to New York State’s proposed Bitlicense, which is a state-level attempt to regulate the decentralized, open source technology with highly prescriptive cybersecurity and licensing requirements. We’d also emphasize that many of these comments also apply to similar efforts to regulate digital currencies currently underway in other states, such as California’s AB 1326.

Bitcoin Should be (Un)regulated Like Open Source Software—Not Burdened By Misguided Licenses

We view the New York regulator’s efforts as deeply misguided. They needlessly stifle development of very promising open technologies, and potentially threaten free speech, privacy, and security.

Key reasons we oppose the proposed rules include:

  • Regulation of any kind at this stage of Bitcoin’s development is a mistake. Adding burdensome regulatory requirements that do more harm than good will surely succeed only in stifiling new innovations in Bitcoin and blockchain technologies.
  • Regulating digital currencies will have unintended consequences on free speech, especially anonymous speech online. Many of our users, especially those residing in countries lacking freedom of expression, choose to publish their sites anonymously. New York’s BitLicense proposal would require these publishers to risk revealing their identities for even small payments.
  • States should not be in the business of regulating digital currencies. New York’s proposed law is bad enough, but imagine a world in which every state had its own version of the bitlicense – we’d have an unmanageable thicket of dozens of state laws. This situation would be ill-suited to a technology without borders. If digital currencies are to be regulated, it should be at the federal, not state, level.
  • The cybersecurity provisions create more problems than they solve. These provisions would entrust the New York agency with so much data that the agency would become a top cybsersecurity target, and we are not sure the agency has the expertise to protect that data.

We are scarcely at the dawn of understanding the possibilities of open technologies like Bitcoin, and the blockchain. It is hasty to regulate digital currencies in the manner the BitLicense proposes, especially when we are not fully aware of what’s at stake. We believe that current laws, applied well, likely will address the consumer harms that New York is concerned about. Once the technologies have matured, it may be sensible to adopt a uniform, reasonable set of rules at the federal level.

Read our full letter to New York’s Department of Financial Services:

When Bots go Bad: Automated DMCA Takedown Problems

In the past, we’ve not been shy about highlighting a number of the issues that exist with the DMCA, and recently fought back against its abuse in court. However, it remains true that tackling repeated instances of copyright infringement online can be repetitive work, and it’s no surprise that some people opt to outsource this task to third parties who have an army of specially programmed bots at their command.

These kind of automated systems scour the web, firing off takedown notifications where unauthorized uses of material are found – so humans don’t have to. Sounds great in theory, but it doesn’t always work out as smoothly in practice. Much akin to some nightmare scenario from the Terminator, sometimes the bots turn on their creators.

Be Afraid

Be afraid

We saw this happen fairly recently on WordPress.com, in an it-would-be-funny-if-it-wasn’t-so-serious kind of scenario. Attributor.com sent in a formally valid takedown notification on behalf of an academic, demanding that we disable access to a PDF that infringed upon his copyright. Following the statutory requirements, we did so, and notified the user, with instructions on how to submit a counter notification if they wished to challenge the removal.

Within a few days we heard back from the (understandably unhappy) site owner, who explained that they were in fact the copyright holder. The takedown notification was issued by an agency working on his behalf, and their bot had mistakenly targeted the original author’s site.

Ouch.

The confusion was eventually sorted out after the agency retracted the original takedown notice, and we restored access – but not before it was unavailable for almost five full days.

The DMCA notification and takedown process is a powerful weapon in the battle against copyright infringement, but it can also cause severe harm to freedom of speech when used inappropriately. As a result, it is something that should be deployed carefully, and with respect. All too often, overly broad takedown notifications are sent to online service providers in a scatter gun approach, with the financial interests of third party agents (who are routinely paid by instance of successful takedown) placed above the accuracy of the reports.

There is no question that there are a lot of issues involved in choosing to use bots to enforce copyright, but having them turn against you has got to be one of the worst.

Cheers to the FCC for Supporting Title II to Protect the Open Internet

WordPress.com aims to democratize publishing – to build the tools that give writers, bloggers, and creators of all sizes a way to get their voices to the world. Today we see that our voices were heard, and that they had a big impact on the future of the internet.

This morning, FCC chairman Tom Wheeler announced his support for strong network neutrality rules, by proposing to reclassify internet service under Title II of the telecommunications act. We applaud Chairman Wheeler for today’s announcement. It’s a historic step, and one that would not have been possible without the support of the millions of internet users – from individual WordPress.com bloggers to the President of the United States – who voiced their support for the open internet for the past several months. At Automattic, we’re proud to have participated in this historic effort, and pledge to continue supporting this important cause until rules that truly protect the free, open internet that we know and love are firmly in place.

Open Sourcing Our DMCA Process

At Automattic, we are firm believers in the power of open source: the release of code (or other works) into the public domain to be used, modified, and shared freely.

One of the challenges faced by online service providers is how to implement an effective policy for dealing with the DMCA takedown process – especially in cases where the system is being abused. We strive to protect users’ freedom of speech, and would love to see others do the same. However, the possible scenarios and requirements can be confusing; the language intimidating… especially for websites run by individuals or small organisations.

As a result, we are pleased to announce that today we are open sourcing our DMCA process docs on GitHub – under the Creative Commons Attribution-ShareAlike 3.0 license.

Included in the release is our already publicly available pages for details on how to submit a DMCA takedown and counter notice:

http://automattic.com/dmca/

http://automattic.com/dmca-counter-notice/

In addition, there is also a comprehensive set of detailed ‘predefined replies’ that we use when corresponding with both users and complainants in specific situations.

Some examples are:

  • Informing a user that a DMCA notice against their site has been received, the material disabled, and instructions for what to do next if they wish to challenge the removal.
  • Notification to a claimant that we are rejecting their claim on fair use grounds.
  • A response to an incomplete DMCA takedown, outlining which elements render the notice invalid, and instructions on how to make the necessary corrections.

We hope that this will help demystify some of the issues surrounding the DMCA process, and help others to implement their own.

The updated repo is available here, with the relevant docs filed under ‘DMCA’:

https://github.com/Automattic/legalmattic

We Proudly Have Your Back: EFF Awards WordPress.com 5 Stars For Protecting User Speech

The Electronic Frontier Foundation yesterday released a new version of their Who Has Your Back? report, focused on protecting user speech from “copyright & trademark bullies.”

yeeaaahhhWe’re proud that WordPress.com was awarded all five possible stars in the report — one of only two services to earn that honor.

“When a private citizen or corporation wants to silence speech on a major online platform, the quickest method is often a copyright or trademark complaint,” the EFF correctly noted. This isn’t what the law intended, but it’s a practice that we see all too frequently.

We strongly support the rights of all creators to reasonably protect their works — WordPress.com users create millions of original (and copyrighted!) posts every day, after all — but we are irked when IP holders stretch their legal rights to the point of abuse. The law is meant to also preserve free expression and fair use. So we strive to defend those liberties and build tough safeguards against censorship. Otherwise WordPress.com, and the Internet at large, cannot remain a free, open, and vibrant platform for all.

A major theme of the EFF report is transparency — how well do internet companies explain their policies to the world and especially to their users? This is crucial because copyright, trademark law, and the enforcement and takedown processes remain an obscure and misunderstood facet of the Internet. We’re continually working to improve on this front and are optimistic about similar efforts underway at many companies across the industry.

The EFF warmed our fair-use-loving little hearts by specifically citing Automattic’s lawsuits in response to abusive takedown requests, policy to have humans carefully review all trademark complaints, and recently expanded transparency report. They also gave shout-outs to great work done by our peers, such as Etsy’s fantastic explanatory writing and Twitter’s two solid years of standard-setting transparency reports, from which we’ve certainly drawn inspiration.

Have a look at the full report. It’s an interesting read, top to bottom. There’s even a PDF version for all you lawyers stuck in the last century.

The animated GIF used above I believe to be fair use of a scene from the Fox Broadcasting Network series Bob’s Burgers. If Fox disagrees, well, they know how to reach us